How To - Deploy Cyberoam in Gateway Mode

Transcription

1 How To - Deploy Cyberoam in Gateway Mode Cyberoam appliance can be deployed in a network in two modes: Gateway mode. Popularly known as Route mode Bridge mode. Popularly known as Transparent mode Article provides step-by-step procedure to configure Cyberoam in Gateway mode. Configuration steps are provided assuming that you have not configured Cyberoam appliance and are using factory default settings of the appliance. If your appliance has any custom settings, rollback to factory default setting before following the steps provided in the article. We are going to consider a hypothetical network example with firewall serving as a Gateway. We will replace the existing firewall with Cyberoam without changing the existing network LAN schema. Article covers: Features supported in gateway mode Deployment steps How to verify configuration Advance configuration Overview Gateway Gateway is a network point that acts as an entry point to another network or subnet to access the resources. In Enterprises, the gateway is the appliance that routes the traffic from a workstation to the outside network. In homes, the gateway is the ISP that connects the user to the Internet. Gateway Mode Cyberoam when deployed in Gateway mode acts as a Gateway for the networks to route the traffic. Gateway mode provides an ideal solution for networks that already have an existing firewall, and plans to replace their existing firewall and wish to add the security through Cyberoam s deep-packet inspection, Intrusion Detection and Prevention Services, Gateway Anti Virus, and Gateway Anti spam. If you do not have Cyberoam security modules subscriptions, you may register for free trial. Features supported in Gateway mode All the features except Hardware bypass (LAN bypass) are available in Gateway mode. VLAN support in Gateway mode While the network depicted in the example is simple, it is not uncommon for large networks to use VLANs for segmentation of traffic. If the existing firewall was configured for VLAN, refer Virtual LAN Configuration Guide for configuring VLAN in Cyberoam.

2 High Availability support in Gateway mode HA, refer High Availability Guide for configuring HA cluster in Cyberoam Sample Schema Throughout the article we will use the network parameters displayed in the below given network diagram. The below given network diagram depicts a network where Cyberoam is added to the perimeter for the purpose of providing security services. Traffic from hosts connected to the LAN would be permitted outbound through the Cyberoam to the gateways, while traffic from the WAN would, by default, not be permitted inbound. The public servers, a mail, web and database server, on the DMZ, an access Rule allowing WAN-to-LAN traffic for the appropriate IP addresses and services will be added to allow inbound traffic to those servers.

3 Preparing to configure Cyberoam Appliance is shipped with the following default configuration: Port A IP address (LAN zone): / Port B IP address (WAN zone): / Gather DNS IP address, date and time zone and well as administrator address. Deployment steps Connecting Appliance Connect port A of the Appliance to a management computer s Ethernet interface. You can use a cross-over Ethernet cable to connect directly or use straight-through Ethernet cable to connect through hub or switch. Both the cables are provided along with the Appliance. By connecting management computer to port A, we are assigning port A to LAN zone. Set the IP address of the management system to /24. Connecting to Web Admin Console Browse to to access Cyberoam Web Console (GUI). Cyberoam login page is displayed and you are prompted to enter login credentials. Use default username and

4 password to log on. Internet Explorer 5.5+ or Mozilla Firefox 1.5+ is required to access Web Admin Console. If you cannot log on, verify the following configurations: Did you plug your management workstation into the port A on the appliance? - Deployment can only be performed through port A. Is the link light glowing on both the management computer and the Appliance? If not, check and replace the cable Is your management computer set to a static IP address of and subnet as ? Did you enter correct IP address in your Web browser? Starting Network Configuration Wizard Click Wizard button on the top right of the Dashboard to start Network Configuration Wizard and click Start.

10 Configuring Mail Settings Configure mail server IP address, administrator address from where the notification mails will be send and the address of the notification recipient.

11

12 Configuring Date and Time zone How To Deploy Cyberoam in Gateway mode

13 Cyberoam will take time to restart, please wait for some time before clicking to access the Web Admin Console.

14 Note: After changing the LAN IP address, you must use this IP address to reconnect to the web admin console. You might also have to change the IP address of the management station to be on the same subnet as the new IP address. This finishes the basic configuration of Cyberoam and now you are ready to use the Appliance. Verifying configuration using Dashboard Browse to and log on to Web Admin Console using default username and password. Dashboard page is displayed on successful log on. 1. Verify appliance information Check the Appliance Information section of Dashboard to verify configuration. 2. Verify gateway status Check the Gateway Status of Dashboard and verify that the status of the gateway green i.e. UP.

15 3. Verify IP assignments Go to System> Network Configure > Manage Interface page and check IP address assigned to Interfaces. If you have not configured IP scheme properly, you can run the Network Configuration wizard and change the IP address. 4. Verify DNS status Browse to IP address>/dg.html and log on with default username and password and verify that DNS status is Ok.

16 5. If due to incorrect IP address configuration, you are not able to access appliance, rollback to factory default settings and re-configure Cyberoam by repeat the entire deployment steps given in this document. What next? If Cyberoam is up and running, you are now ready to use the Appliance. You can now: Monitor network activities using Cyberoam Reports. Detect your network traffic i.e. applications and protocols accessed by your users. Configure authentication to monitor and log user activities based on User names Rollback to factory default settings Access Telnet Console using any of the SSH client. Start SSH client and create new Connection with the following parameters: Hostname - <Cyberoam server IP Address> Username admin Password RESET This will rollback Cyberoam configuration to its factory default settings.

How To - Deploy Cyberoam in Bridge Mode Cyberoam appliance can be deployed in a network in two modes: Bridge mode. Popularly known as Transparent mode Gateway mode. Popularly known as Route mode Article

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway

How To Configure High Availability (HA) in Cyberoam How To Configure High Availability (HA) in Cyberoam Applicable Version: 10.00 onwards Overview High Availability (HA) is a clustering technology which

1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable

Troubleshooting Slow Browsing Document Intention This document indents to troubleshoot slow browsing step-by-step. This document is relevant only if Cyberoam is deployed in Route or Bridge mode. Troubleshooting

How To Configure Port Forwarding using Virtual Host to access devices on Internal network Applicable to versions 9.5.3 build 14 or above This article describes a detailed configuration example that demonstrates

QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide

Installation of the On Site Server (OSS) rev 1.1 Step #1 - Initial Connection to the OSS Having plugged in power and an ethernet cable in the eth0 interface (see diagram below) you can connect to the unit

SSL-VPN Using SonicWALL NetExtender to Access FTP Servers Problem: Using NetExtender to access an FTP Server on the LAN segment of a SonicWALL PRO 4060. Solution: Perform the following setup steps. Step

F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE

Routing concepts in Cyberoam Article explains routing concepts implemented in Cyberoam, how to define static routes and route policies. It includes following sections: Static route Firewall based routes

Chapter 3 Connecting the FWG114P v2 to the Internet This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your

Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual

The Barracuda SSL VPN Vx Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda SSL VPN hardware appliance. It is designed for easy deployment

SonicOS SonicOS Contents The following sections describe how to upgrade an existing SonicOS firmware image to a newer version: Obtaining the Latest SonicOS Firmware Version... 1 Creating a System Backup

9 CHAPTER This chapter describes how to configure the CSC SSM using the CSC Setup Wizard in ASDM and the CSC SSM GUI, and includes the following sections: Information About the CSC SSM, page 9-1 Licensing

Appliance Installation Guide Naming Conventions NAMING CONVENTIONS This document applies to the products shown below. If the product you have is not listed, refer to the appropriate Appliance Installation

Wireless Hot Spot Gateway WAS-103R Version 1.01 Preface Thanks to customers opinions on experiences of selling WAS-102R for several years. Due to global economy crisis and after discussing with some VIP

Chapter 1 Installing the Gateway This chapter describes how to set up the wireless voice gateway on your Local Area Network (LAN), connect to the Internet, and perform basic configuration. For information

Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed

ADSL Router Quick Setup Guide RTA220 Important This Guide is intended to get you started quickly. The factory default profile of this Router is customised for New Zealand users. Please follow through the

This product can be set up using any current web browser, i.e., Internet Explorer 6x, Netscape Navigator 4x. D-Link DFL-900 VPN/Firewall Router Before You Begin It s best to use a computer with an Ethernet

Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need

Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of

Configuration Manual English version Frama F-Link Configuration Manual (EN) All rights reserved. Frama Group. The right to make changes in this Installation Guide is reserved. Frama Ltd also reserves the

Installing and Configuring a Cisco APIC-EM Appliance This chapter describes how to install the Cisco APIC-EM ISO image on the appliance and configure it. Installing the Cisco APIC-EM Series Appliance in

Chapter 7 Troubleshooting This chapter provides information about troubleshooting your Wireless-G Router Model WGR614v9. After each problem description, instructions are provided to help you diagnose and

This article describes how to manually configure a Linksys Router for broadband DSL that uses PPPoE (Point-to-Point Protocol over Ethernet) for authentication. For automatic configuration options, please

Cisco Configuration Professional Quick Start Guide April 29, 2011 This document explains how to start using Cisco Configuration Professional Express (Cisco CP Express) and Cisco Configuration Professional

CYBEROAM INSTALLATION GUIDE VERSION: 6..0..0..0 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty

ETHERNET WEATHER STATION CONNECTIONS Application Note 33 With WeatherLink and a Device Server INTRODUCTION It is possible to substitute an Ethernet connection for the direct USB or serial connection that

Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

High Availability Configuration Guide Version 9 Document version 9402-1.0-08/11/2006 2 HA Configuration Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable